Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Description: Spring Boot
File Path: /root/.m2/repository/org/springframework/boot/spring-boot/1.5.8.RELEASE/spring-boot-1.5.8.RELEASE.jar
MD5: 675be87ce49c0b8ace3ebfcf984c11e8
SHA1: 748ebde51761e12627ad23d064024f342b18f9b4
Referenced In Project/Scope:
headerbuddy:compile
Description: Spring Boot AutoConfigure
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/1.5.8.RELEASE/spring-boot-autoconfigure-1.5.8.RELEASE.jar
MD5: 883725f77818b4142ae082cbcd95b86b
SHA1: e4f2efa4c319f4e3613d94fbccfdb5ccda6873e3
Referenced In Project/Scope:
headerbuddy:compile
Description: JUL to SLF4J bridge
File Path: /root/.m2/repository/org/slf4j/jul-to-slf4j/1.7.25/jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76
Referenced In Project/Scope:
headerbuddy:compile
Description: Log4j implemented over SLF4J
License:
Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/slf4j/log4j-over-slf4j/1.7.25/log4j-over-slf4j-1.7.25.jar
Description: Starter for logging using Logback. Default logging starter
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-starter-logging/1.5.8.RELEASE/spring-boot-starter-logging-1.5.8.RELEASE.jar
MD5: 0382e6357210ce235ec4f7a6fbb78d9b
SHA1: ebc00a0e46753d90431fdcc5e3d6b9fd3bf1564a
Referenced In Project/Scope:
headerbuddy:compile
Description: YAML 1.1 parser and emitter for Java
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/yaml/snakeyaml/1.17/snakeyaml-1.17.jar
Description: Core starter, including auto-configuration support, logging and YAML
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-starter/1.5.8.RELEASE/spring-boot-starter-1.5.8.RELEASE.jar
MD5: f1f15b6c0c1d8d0b3396eb02143e6aec
SHA1: 18048efe1f06569022a53cc3fb2fe9c0162935a3
Referenced In Project/Scope:
headerbuddy:compile
Description: Annotations Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/apache/tomcat/tomcat-annotations-api/8.5.23/tomcat-annotations-api-8.5.23.jar
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Vulnerable Software & Versions:
Description: Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.23/tomcat-embed-core-8.5.23.jar
Description: Starter for using Tomcat as the embedded servlet container. Default
servlet container starter used by spring-boot-starter-web
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/1.5.8.RELEASE/spring-boot-starter-tomcat-1.5.8.RELEASE.jar
MD5: f503ff9955fc1afc2e8419fd24750bbd
SHA1: cf3b7eb7e192a60ab1dd09e4f8bce82710a5feb0
Referenced In Project/Scope:
headerbuddy:compile
Description:
Bean Validation API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar
Description: The JBoss Logging Framework
License:
Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/jboss/logging/jboss-logging/3.3.1.Final/jboss-logging-3.3.1.Final.jar
Description: Library for introspecting types with full generic information
including resolving of field and method types.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/fasterxml/classmate/1.3.4/classmate-1.3.4.jar
Description: Hibernate's Bean Validation (JSR-303) reference implementation.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/hibernate/hibernate-validator/5.3.5.Final/hibernate-validator-5.3.5.Final.jar
Description: Starter for building web, including RESTful, applications using Spring
MVC. Uses Tomcat as the default embedded container
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-starter-web/1.5.8.RELEASE/spring-boot-starter-web-1.5.8.RELEASE.jar
MD5: 438d727721706551127010b294431fb5
SHA1: 7e0dc79e3b47be4539ad3c033639133ae6b7a17e
Referenced In Project/Scope:
headerbuddy:compile
Description: The AspectJ weaver introduces advices to java classes
License:
Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.htmlFile Path: /root/.m2/repository/org/aspectj/aspectjweaver/1.8.11/aspectjweaver-1.8.11.jar
Description: Starter for aspect-oriented programming with Spring AOP and AspectJ
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-starter-aop/1.5.8.RELEASE/spring-boot-starter-aop-1.5.8.RELEASE.jar
MD5: fe2b34c575e1bdf72458305aca73006d
SHA1: 9bc9a40e0718726ed48f6becc509b2d186f1ebcc
Referenced In Project/Scope:
headerbuddy:compile
Description: Tomcat Core Logging Package
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/apache/tomcat/tomcat-juli/8.5.23/tomcat-juli-8.5.23.jar
Description: Starter for using JDBC with the Tomcat JDBC connection pool
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-starter-jdbc/1.5.8.RELEASE/spring-boot-starter-jdbc-1.5.8.RELEASE.jar
MD5: f7ded0503dea0401eb4941eba8f944df
SHA1: fc98631eba9817c920b9ac1c5845214f49637a33
Referenced In Project/Scope:
headerbuddy:compile
Description: Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details
License:
Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.phpFile Path: /root/.m2/repository/org/hibernate/javax/persistence/hibernate-jpa-2.1-api/1.0.0.Final/hibernate-jpa-2.1-api-1.0.0.Final.jar
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.htmlFile Path: /root/.m2/repository/antlr/antlr/2.7.7/antlr-2.7.7.jar
Description: Parent POM for JBoss projects. Provides default project build configuration.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/jboss/jandex/2.0.0.Final/jandex-2.0.0.Final.jar
Description: dom4j: the flexible XML framework for Java
File Path: /root/.m2/repository/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project/Scope:
headerbuddy:compile
Description: Common reflection code used in support of annotation processing
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.htmlFile Path: /root/.m2/repository/org/hibernate/common/hibernate-commons-annotations/5.0.1.Final/hibernate-commons-annotations-5.0.1.Final.jar
Description: The core O/RM functionality as provided by Hibernate
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.htmlFile Path: /root/.m2/repository/org/hibernate/hibernate-core/5.0.12.Final/hibernate-core-5.0.12.Final.jar
Description: Hibernate O/RM implementation of the JPA specification
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.htmlFile Path: /root/.m2/repository/org/hibernate/hibernate-entitymanager/5.0.12.Final/hibernate-entitymanager-5.0.12.Final.jar
Description: Project GlassFish Java Transaction API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.htmlFile Path: /root/.m2/repository/javax/transaction/javax.transaction-api/1.2/javax.transaction-api-1.2.jar
File Path: /root/.m2/repository/org/springframework/data/spring-data-commons/1.13.8.RELEASE/spring-data-commons-1.13.8.RELEASE.jar
MD5: 41b6ce6edafc9db13a523c78b3c4e19a
SHA1: 2853e3c38e02d42529f6c8b247d7bace40c25642
Referenced In Project/Scope:
headerbuddy:compile
Description: Spring Transaction
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0File Path: /root/.m2/repository/org/springframework/spring-tx/4.3.12.RELEASE/spring-tx-4.3.12.RELEASE.jar
Description: JCL 1.2 implemented over SLF4J
File Path: /root/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.25/jcl-over-slf4j-1.7.25.jar
MD5: 56b22adc639b09b2e917f42d68b26600
SHA1: f8c32b13ff142a513eeb5b6330b1588dcb2c0461
Referenced In Project/Scope:
headerbuddy:compile
Description: Spring Data module for JPA repositories.
File Path: /root/.m2/repository/org/springframework/data/spring-data-jpa/1.11.8.RELEASE/spring-data-jpa-1.11.8.RELEASE.jar
MD5: edace70f681e79388d3376995f5ca123
SHA1: d674b8407de3d2998c106557fd6a6665de2bc217
Referenced In Project/Scope:
headerbuddy:compile
Description: Starter for using Spring Data JPA with Hibernate
File Path: /root/.m2/repository/org/springframework/boot/spring-boot-starter-data-jpa/1.5.8.RELEASE/spring-boot-starter-data-jpa-1.5.8.RELEASE.jar
MD5: adba5d9107ec66d2ae7fd12d33d7d3ed
SHA1: 55bb5e8aea5707f79ee9888ad75261a7b7df4654
Referenced In Project/Scope:
headerbuddy:compile
Description: Core Jackson abstractions, basic JSON streaming API implementation
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.8.10/jackson-core-2.8.10.jar
Description: Core annotations used for value types, used by Jackson data binding package.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.8.0/jackson-annotations-2.8.0.jar
Description: tax2 API is an extension to basic Stax 1.0 API that adds significant new functionality, such as full-featured bi-direction validation interface and high-performance Typed Access API.
License:
The BSD License: http://www.opensource.org/licenses/bsd-license.phpFile Path: /root/.m2/repository/org/codehaus/woodstox/stax2-api/3.1.4/stax2-api-3.1.4.jar
Description:
Woodstox is a high-performance XML processor that
implements Stax (JSR-173), SAX2 and Stax2 APIs
License:
The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/fasterxml/woodstox/woodstox-core/5.0.3/woodstox-core-5.0.3.jar
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has only one code dependency - javax.annotation,
per the JSR-305 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/google/guava/guava/20.0/guava-20.0.jar
Description:
Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html Apache License 2.0: http://www.apache.org/licenses/File Path: /root/.m2/repository/org/javassist/javassist/3.21.0-GA/javassist-3.21.0-GA.jar
Description: Reflections - a Java runtime metadata analysis
License:
WTFPL: http://www.wtfpl.net/ The New BSD License: http://www.opensource.org/licenses/bsd-license.htmlFile Path: /root/.m2/repository/org/reflections/reflections/0.9.11/reflections-0.9.11.jar
Description: Java API for RESTful Web Services (JAX-RS)
License:
CDDL 1.1: http://glassfish.java.net/public/CDDL+GPL_1_1.html GPL2 w/ CPE: http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/javax/ws/rs/javax.ws.rs-api/2.0.1/javax.ws.rs-api-2.0.1.jar
Description: Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.htmlFile Path: /root/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
Description: Jersey Guava Repackaged
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/jersey/bundles/repackaged/jersey-guava/2.25.1/jersey-guava-2.25.1.jar
Description: See http://wiki.glassfish.java.net/Wiki.jsp?page=JdkSpiOsgi for more information
License:
https://glassfish.dev.java.net/nonav/public/CDDL+GPL.htmlFile Path: /root/.m2/repository/org/glassfish/hk2/osgi-resource-locator/1.0.1/osgi-resource-locator-1.0.1.jar
Description: Jersey core common packages
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-common/2.25.1/jersey-common-2.25.1.jar
Description: HK2 Implementation Utilities
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/hk2/hk2-utils/2.5.0-b32/hk2-utils-2.5.0-b32.jar
Description: Dependency Injection Kernel
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/hk2/external/aopalliance-repackaged/2.5.0-b32/aopalliance-repackaged-2.5.0-b32.jar
Description: ${project.name}
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/hk2/hk2-api/2.5.0-b32/hk2-api-2.5.0-b32.jar
Description: Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/hk2/external/javax.inject/2.5.0-b32/javax.inject-2.5.0-b32.jar
Description: ${project.name}
License:
https://glassfish.java.net/nonav/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/hk2/hk2-locator/2.5.0-b32/hk2-locator-2.5.0-b32.jar
Description: Jersey core client implementation
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/jersey/core/jersey-client/2.25.1/jersey-client-2.25.1.jar
Description: Jersey Client Transport via Apache
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/jersey/connectors/jersey-apache-connector/2.22.2/jersey-apache-connector-2.22.2.jar
Description:
Jersey extension module providing support for Entity Data Filtering.
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/jersey/ext/jersey-entity-filtering/2.25.1/jersey-entity-filtering-2.25.1.jar
Description:
Jersey JSON Jackson (2.x) entity providers support module.
License:
http://glassfish.java.net/public/CDDL+GPL_1_1.htmlFile Path: /root/.m2/repository/org/glassfish/jersey/media/jersey-media-json-jackson/2.25.1/jersey-media-json-jackson-2.25.1.jar
Description:
Apache Commons Compress software defines an API for working with
compression and archive formats.
These include: bzip2, gzip, pack200, lzma, xz, Snappy, traditional
Unix Compress, DEFLATE and ar, cpio, jar, tar, zip, dump, 7z, arj.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/apache/commons/commons-compress/1.9/commons-compress-1.9.jar
Description:
The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/commons-io/commons-io/2.5/commons-io-2.5.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar
Description:
Apache HttpComponents Client
File Path: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.5.3/httpclient-4.5.3.jar
MD5: 1965ebb7aca0f9f8faaed3870d8cf689
SHA1: d1577ae15f01ef5438c5afc62162457c00a34713
Referenced In Project/Scope:
headerbuddy:compile
Description:
Apache HttpComponents Core (blocking I/O)
File Path: /root/.m2/repository/org/apache/httpcomponents/httpcore/4.4.8/httpcore-4.4.8.jar
MD5: 60fb93171aa46ffaefde3623c517bd60
SHA1: 70539e2a07865bab38b4153da1ce599cf081790a
Referenced In Project/Scope:
headerbuddy:compile
Description: Java Foreign Function Interface
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/github/jnr/jffi/1.2.9/jffi-1.2.9.jar
File Path: /root/.m2/repository/com/github/jnr/jffi/1.2.9/jffi-1.2.9-native.jar
MD5: 4457ad354ccb93ba16c454b308873a8f
SHA1: 1b1e82f867bb47237e6db690fbc6bfc999689c63
Referenced In Project/Scope:
headerbuddy:runtime
File Path: /root/.m2/repository/org/ow2/asm/asm-commons/5.0.3/asm-commons-5.0.3.jar
MD5: 49c4bd16df054f7b7376fcb80de5a225
SHA1: a7111830132c7f87d08fe48cb0ca07630f8cb91c
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/org/ow2/asm/asm-analysis/5.0.3/asm-analysis-5.0.3.jar
MD5: f4bd5c076645f8004663cc35044fdb32
SHA1: c7126aded0e8e13fed5f913559a0dd7b770a10f3
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/org/ow2/asm/asm-tree/5.0.3/asm-tree-5.0.3.jar
MD5: 94abc9b0126e1ec2c12625dfce54e32e
SHA1: 287749b48ba7162fb67c93a026d690b29f410bed
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/org/ow2/asm/asm-util/5.0.3/asm-util-5.0.3.jar
MD5: 85b23e37383c7bb9200a2ad5067842e1
SHA1: 1512e5571325854b05fb1efce1db75fcced54389
Referenced In Project/Scope:
headerbuddy:compile
Description: A pure-java X86 and X86_64 assembler
License:
MIT License: http://www.opensource.org/licenses/mit-license.phpFile Path: /root/.m2/repository/com/github/jnr/jnr-x86asm/1.0.2/jnr-x86asm-1.0.2.jar
Description: A library for invoking native functions from java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/github/jnr/jnr-ffi/2.0.3/jnr-ffi-2.0.3.jar
Description: A set of platform constants (e.g. errno values)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/github/jnr/jnr-constants/0.8.7/jnr-constants-0.8.7.jar
Description: Native I/O access for java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/github/jnr/jnr-enxio/0.9/jnr-enxio-0.9.jar
Description:
Common cross-project/cross-platform POSIX APIs
License:
Common Public License - v 1.0: http://www-128.ibm.com/developerworks/library/os-cpl.html GNU General Public License Version 2: http://www.gnu.org/copyleft/gpl.html GNU Lesser General Public License Version 2.1: http://www.gnu.org/licenses/lgpl.htmlFile Path: /root/.m2/repository/com/github/jnr/jnr-posix/3.0.12/jnr-posix-3.0.12.jar
Description: Native I/O access for java
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/github/jnr/jnr-unixsocket/0.8/jnr-unixsocket-0.8.jar
Description:
Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar
Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.htmlFile Path: /root/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar
Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.htmlFile Path: /root/.m2/repository/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar
Description: logback-core module
License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.htmlFile Path: /root/.m2/repository/ch/qos/logback/logback-core/1.1.11/logback-core-1.1.11.jar
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar
MD5: 7625c7eadc067af4d6864a7d4375247d
SHA1: cc1e27e1dad3fb0bfc0b27c0377e150c88fb02c7
Referenced In Project/Scope:
headerbuddy:compile
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
Vulnerable Software & Versions: (show all)
File Path: /root/.m2/repository/com/google/auth/google-auth-library-credentials/0.6.0/google-auth-library-credentials-0.6.0.jar
MD5: 57707faa6fe24d7e01e203b2d39aed70
SHA1: 2f22d2cb659087aaa190990fa28854439b08b4e9
Referenced In Project/Scope:
headerbuddy:compile
Description: JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/google/code/findbugs/jsr305/1.3.9/jsr305-1.3.9.jar
Description:
Google HTTP Client Library for Java. Functionality that works on all supported Java platforms,
including Java 5 (or higher) desktop (SE) and web (EE), Android, and Google App Engine.
File Path: /root/.m2/repository/com/google/http-client/google-http-client/1.19.0/google-http-client-1.19.0.jar
MD5: 1a306bb0bf74c9d991457723c0f8b3bf
SHA1: cdca49ad0977c040f603478aa2e16b2775c8fec6
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/com/google/http-client/google-http-client-jackson2/1.19.0/google-http-client-jackson2-1.19.0.jar
MD5: a0fbd6a85362ea90d37d18ce33da4282
SHA1: 81dbf9795d387d5e80e55346582d5f2fb81a42eb
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/com/google/auth/google-auth-library-oauth2-http/0.6.0/google-auth-library-oauth2-http-0.6.0.jar
MD5: 09f2d1044cbc31dd833727d5bcec07c0
SHA1: 8f25e25c8638976fe1d106f665d2b03089fe8c6e
Referenced In Project/Scope:
headerbuddy:compile
Description: config
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0File Path: /root/.m2/repository/com/typesafe/config/1.2.0/config-1.2.0.jar
Description: Model for Maven POM (Project Object Model)
File Path: /root/.m2/repository/org/apache/maven/maven-model/3.3.3/maven-model-3.3.3.jar
MD5: 8d597960f6433ff051c717c797e93eb4
SHA1: 73ba535c2e3a1381aeab131598010b3a723d4b47
Referenced In Project/Scope:
headerbuddy:compile
Description: Maven Settings model.
File Path: /root/.m2/repository/org/apache/maven/maven-settings/3.3.3/maven-settings-3.3.3.jar
MD5: 0516b7d8b2074ef63f5edbf6909e4ec3
SHA1: ee22dc01e29a0250649aef2f7f8dfe18e2d56b3b
Referenced In Project/Scope:
headerbuddy:compile
Description: Support for descriptor builders (model, setting, toolchains)
File Path: /root/.m2/repository/org/apache/maven/maven-builder-support/3.3.3/maven-builder-support-3.3.3.jar
MD5: 9a901a1fc3c85781ff78a41ce4362d01
SHA1: 0e22a6bcaa8245e834ee3bc884a0c4fee4bbd079
Referenced In Project/Scope:
headerbuddy:compile
Description: The effective settings builder, with inheritance and password decryption.
File Path: /root/.m2/repository/org/apache/maven/maven-settings-builder/3.3.3/maven-settings-builder-3.3.3.jar
MD5: e87400260744164df9eb3dc69c06d35b
SHA1: dc31f012df43b7dc0ca1b7ace6a07c05d312d04b
Referenced In Project/Scope:
headerbuddy:compile
Description: Per-directory local and remote repository metadata.
File Path: /root/.m2/repository/org/apache/maven/maven-repository-metadata/3.3.3/maven-repository-metadata-3.3.3.jar
MD5: c04f7ed90510effff54a818966941ee0
SHA1: f71036634559271d124b0d2ebe54f934f3b2feab
Referenced In Project/Scope:
headerbuddy:compile
Description: The API for plugins - Mojos - development.
File Path: /root/.m2/repository/org/apache/maven/maven-plugin-api/3.3.3/maven-plugin-api-3.3.3.jar
MD5: 69ab6f661667970818b68e834f762f1f
SHA1: 3b78a7e40707be313c4d5449ba514c9747e1c731
Referenced In Project/Scope:
headerbuddy:compile
Description: The effective model builder, with inheritance, profile activation, interpolation, ...
File Path: /root/.m2/repository/org/apache/maven/maven-model-builder/3.3.3/maven-model-builder-3.3.3.jar
MD5: 0d546dc2ec5bd45df90746f353dfe8bd
SHA1: 1f88e42b4a4ee54ff692761186bf661b257d262d
Referenced In Project/Scope:
headerbuddy:compile
Description:
The service provider interface for repository system implementations and repository connectors.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: /root/.m2/repository/org/eclipse/aether/aether-spi/1.0.2.v20150114/aether-spi-1.0.2.v20150114.jar
Description: Extensions to Aether for utilizing Maven POM and repository metadata.
File Path: /root/.m2/repository/org/apache/maven/maven-aether-provider/3.3.3/maven-aether-provider-3.3.3.jar
MD5: 82bb80dd4639adce62630230a54474ab
SHA1: b988852003993f2d0b18bd3dffd47a9546ac5879
Referenced In Project/Scope:
headerbuddy:compile
Description:
An implementation of the repository system.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: /root/.m2/repository/org/eclipse/aether/aether-impl/1.0.2.v20150114/aether-impl-1.0.2.v20150114.jar
Description:
The application programming interface for the repository system.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: /root/.m2/repository/org/eclipse/aether/aether-api/1.0.2.v20150114/aether-api-1.0.2.v20150114.jar
Description:
A collection of utility classes to ease usage of the repository system.
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: /root/.m2/repository/org/eclipse/aether/aether-util/1.0.2.v20150114/aether-util-1.0.2.v20150114.jar
Description: JSR-250 Reference Implementation by Glassfish
License:
COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.htmlFile Path: /root/.m2/repository/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
Description: APIs for JSR-299: Contexts and Dependency Injection for Java EE
File Path: /root/.m2/repository/javax/enterprise/cdi-api/1.0/cdi-api-1.0.jar
MD5: 462c0959f0322016495f4598243bc0f2
SHA1: 44c453f60909dfc223552ace63e05c694215156b
Referenced In Project/Scope:
headerbuddy:compile
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: /root/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.0/org.eclipse.sisu.inject-0.3.0.jar
License:
http://www.eclipse.org/legal/epl-v10.htmlFile Path: /root/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.0/org.eclipse.sisu.plexus-0.3.0.jar
Description: The javax.inject API
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar
Description: AOP Alliance
License:
Public DomainFile Path: /root/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
Description: Patched build of Guice: a lightweight dependency injection framework for Java 6 and above
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/sonatype/sisu/sisu-guice/3.2.5/sisu-guice-3.2.5-no_aop.jar
File Path: /root/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.21/plexus-interpolation-1.21.jar
MD5: 6629656495f4e5eac4f244fe3b252ea1
SHA1: f92de59d295f16868001644acc21720f3ec9eb15
Referenced In Project/Scope:
headerbuddy:compile
Description: A collection of various utility classes to ease working with strings, files, command lines, XML and
more.
File Path: /root/.m2/repository/org/codehaus/plexus/plexus-utils/3.0.20/plexus-utils-3.0.20.jar
MD5: 938c786f2aca49b44b0cbfd39db51c5a
SHA1: e121ed37af8ee3928952f6d8a303de24e019aab0
Referenced In Project/Scope:
headerbuddy:compile
Description: A class loader framework
License:
http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/org/codehaus/plexus/plexus-classworlds/2.5.2/plexus-classworlds-2.5.2.jar
Description:
Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
standard annotations instead of javadoc annotations.
File Path: /root/.m2/repository/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
MD5: ef37dcdb84030422db428b63c4354e5b
SHA1: c72f2660d0cbed24246ddb55d7fdc4f7374d2078
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar
MD5: 7b2d6fcf0d5800d5b1ce09d98d98dcaf
SHA1: 50ade46f23bb38cd984b4ec560c46223432aac38
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar
MD5: 53160199f5667de3fca69b723173639b
SHA1: dedc02034fb8fcd7615d66593228cb71709134b4
Referenced In Project/Scope:
headerbuddy:compile
Description: Maven Core classes.
File Path: /root/.m2/repository/org/apache/maven/maven-core/3.3.3/maven-core-3.3.3.jar
MD5: 035473db50711631ac36cb2fce903901
SHA1: 448424409da7d2f87a3b260a7a589cbc2c791f6a
Referenced In Project/Scope:
headerbuddy:compile
File Path: /root/.m2/repository/org/apache/maven/maven-artifact/3.3.3/maven-artifact-3.3.3.jar
MD5: 3f011c366a0f097e10ef3349394ebacb
SHA1: d9f439dfef726e54eebb390ff38dd27356901528
Referenced In Project/Scope:
headerbuddy:compile
Description: JSch is a pure Java implementation of SSH2
License:
Revised BSD: http://www.jcraft.com/jsch/LICENSE.txtFile Path: /root/.m2/repository/com/jcraft/jsch/0.1.46/jsch-0.1.46.jar
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
Vulnerable Software & Versions:
Description: The bit array data structure is implemented in Java as the BitSet class. Unfortunately, this fails to scale without compression.
JavaEWAH is a word-aligned compressed variant of the Java bitset class. It uses a 64-bit run-length encoding (RLE) compression scheme.
The goal of word-aligned compression is not to achieve the best compression, but rather to improve query processing time. Hence, we try to save CPU cycles, maybe at the expense of storage. However, the EWAH scheme we implemented is always more efficient storage-wise than an uncompressed bitmap (implemented in Java as the BitSet class). Unlike some alternatives, javaewah does not rely on a patented scheme.
License:
Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/googlecode/javaewah/JavaEWAH/0.5.6/JavaEWAH-0.5.6.jar
Description:
Repository access and algorithms
File Path: /root/.m2/repository/org/eclipse/jgit/org.eclipse.jgit/3.2.0.201312181205-r/org.eclipse.jgit-3.2.0.201312181205-r.jar
MD5: e4e2326659b21e8bdfc55558c6a08e43
SHA1: 4b99546e8c8a04597b7a4564003e3b554ec12b5c
Referenced In Project/Scope:
headerbuddy:compile
Description: A maven plugin for docker
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: /root/.m2/repository/com/spotify/docker-maven-plugin/1.0.0/docker-maven-plugin-1.0.0.jar
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-17 Code
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:P/I:P/A:N)
CWE: CWE-20 Improper Input Validation
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.6
(AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.
Vulnerable Software & Versions: (show all)
Description: MySQL JDBC Type 4 driver
License:
The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.htmlFile Path: /root/.m2/repository/mysql/mysql-connector-java/5.1.44/mysql-connector-java-5.1.44.jar
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.6
(AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.7
(AV:N/AC:H/Au:M/C:N/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:P/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.0
(AV:L/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
(AV:N/AC:H/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.4
(AV:N/AC:L/Au:N/C:N/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 9.0
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.6
(AV:L/AC:L/Au:N/C:C/I:C/A:N)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.5
(AV:L/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.6
(AV:N/AC:H/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.0
(AV:L/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect integrity and availability via unknown vectors related to MemCached.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3811.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:H/Au:N/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Server Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA Transactions.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-3806.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
(AV:N/AC:H/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5793.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2014-0431.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedures.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.3
(AV:N/AC:L/Au:M/C:N/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Replication.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via vectors related to FTS.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5881.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.13 and earlier allows remote attackers to affect availability via unknown vectors related to Thread Pooling.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6
(AV:N/AC:H/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Federated.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RBR.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to MyISAM.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.3
(AV:N/AC:L/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.6
(AV:L/AC:L/Au:N/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.1
(AV:L/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.3
(AV:N/AC:L/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 8.0
(AV:N/AC:L/Au:S/C:P/I:P/A:C)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.7
(AV:N/AC:H/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.7
(AV:N/AC:M/Au:M/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.5
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1
(AV:L/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0439.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 1.9
(AV:L/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 1.7
(AV:N/AC:H/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 1.7
(AV:N/AC:H/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.6
(AV:N/AC:H/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1
(AV:N/AC:H/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.2
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that these are multiple buffer overflows in the mysqlshow tool that allow remote database servers to have unspecified impact via a long table or database name.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.7
(AV:N/AC:H/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:N/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect confidentiality and availability via vectors related to MyISAM.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:M/C:N/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect confidentiality via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DDL.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to FTS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to PS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to PS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to Replication.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8
(AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 1.7
(AV:N/AC:H/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.1
(AV:N/AC:H/Au:S/C:C/I:C/A:C)
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.1
(AV:L/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:N/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 1.2
(AV:L/AC:H/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8
(AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.4
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 10.0
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. NOTE: the affected MySQL version information is from Oracle's October 2016 CPU. Oracle has not commented on third-party claims that the issue was silently patched in MySQL 5.5.52, 5.6.33, and 5.7.15.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.4
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.9
(AV:L/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.2
(AV:L/AC:H/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.3
(AV:L/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.8 (Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Stored Procedure). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 3.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.9 (Availability impacts).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-485 Insufficient Encapsulation
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 5.6 (Confidentiality and Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:L/AC:H/Au:S/C:P/I:P/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.3
(AV:N/AC:M/Au:S/C:C/I:N/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle".
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:L/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-254 Security Features
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS v3.0 Base Score 6.7 (Confidentiality, Integrity and Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.5
(AV:L/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.5
(AV:L/AC:M/Au:S/C:N/I:N/A:P)
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 1.0
(AV:L/AC:H/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts).
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.5
(AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.8
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue is an integer overflow in sql/auth/sql_authentication.cc which allows remote attackers to cause a denial of service via a crafted authentication packet.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. Note: CVE-2017-3600 is equivalent to CVE-2016-5483. CVSS 3.0 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.8
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. Note: The documentation has also been updated for the correct way to use mysql_stmt_close(). Please see: https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-execute.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-fetch.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-close.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-error.html, https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-errno.html, and https://dev.mysql.com/doc/refman/5.7/en/mysql-stmt-sqlstate.html. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.6
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.9
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N).
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
CWE: CWE-284 Improper Access Control
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
Vulnerable Software & Versions: (show all)
File Path: /root/.m2/repository/com/github/jnr/jffi/1.2.9/jffi-1.2.9-native.jar/jni/x86_64-Windows/jffi-1.2.dll
MD5: 5d80b61c1f9e31860c17b3a410948e7e
SHA1: 5ca292116336ee4ceed00d10e756afea580e62cf
Referenced In Project/Scope:
headerbuddy:runtime
File Path: /root/.m2/repository/com/github/jnr/jffi/1.2.9/jffi-1.2.9-native.jar/jni/i386-Windows/jffi-1.2.dll
MD5: 841e60814ed6b2971a47b267aef1c58a
SHA1: 07d30c6407fefad8df4b6afc4d85f83e547975ca
Referenced In Project/Scope:
headerbuddy:runtime
Description: Core Jackson abstractions, basic JSON streaming API implementation
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml
MD5: 8699dbe23c10ca05ecb02e0b31c88aeb
SHA1: 39fc72c2d4b4370bda4767d66dfe5ce82cffdb79
Description: Jersey core client implementation
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.jersey.core/jersey-client/pom.xml
MD5: 085f09a3b5576a0cb1ca76544e3cca29
SHA1: fa1cdb5a11f1d52b289f208e90589d73e5fe8352
Description: Jersey core common packages
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.jersey.core/jersey-common/pom.xml
MD5: a599c8c931317ddec5c36441fdd94266
SHA1: 44e0358bbf754ed4982b84ce10e5304e2a414ef4
Description: Common Annotations for the JavaTM Platform API
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.htmlFile Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/javax.annotation/javax.annotation-api/pom.xml
Description: Jersey Guava Repackaged
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.jersey.bundles.repackaged/jersey-guava/pom.xml
MD5: 9a0870bf6408639cceacc3dee6cfa907
SHA1: a87856dc87ffef07114f5b6ea8c2c429d49ef271
Description: ${project.name}
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.hk2/hk2-api/pom.xml
MD5: b5ed2d797f6bca1487e6c276317ebc82
SHA1: 9d74dd728b614da6fe3a8cf85c360fc9a0118a63
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.jvnet/tiger-types/pom.xml
MD5: 51329dba505e7cc4a9bc2719cf195be0
SHA1: 5855a7ee03b816073c2b448bce93319bd71f7029
Description: ${project.name}
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.hk2/hk2-utils/pom.xml
MD5: 4466ecc3437fd38cb0f0dcae536a9f1c
SHA1: c2206f30ce8a8ff8895614cab9163c03897bf5bd
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.hk2.external/aopalliance-repackaged/pom.xml
MD5: 6329fe94f6528ac0805f221c392a27bb
SHA1: 6c33a2d0185a9f1c1f9310570baf11624b28ecd4
Description: Injection API (JSR 330) version ${javax.inject.version} repackaged as OSGi bundle
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.hk2.external/javax.inject/pom.xml
MD5: 8384dce4d1680f2e8ce90d68e8f31fab
SHA1: ebb938fcb872a7b5e95e4993067e81293567af21
Description: ${project.name}
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.hk2/hk2-locator/pom.xml
MD5: c93e64886fed06279f0fc3227d4181ce
SHA1: 653de9a6dd7758f00bfa19a4bc0a16ab29bb47f2
Description:
Jersey JSON Jackson (2.x) entity providers support module.
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.jersey.media/jersey-media-json-jackson/pom.xml
MD5: f8dab756323726c59048a9ef8aa5cdf2
SHA1: 0f525bd88f9a26a31d89903f4321330e0ee76cb7
Description:
Jersey extension module providing support for Entity Data Filtering.
File Path: /root/.m2/repository/com/spotify/docker-client/8.7.1/docker-client-8.7.1-shaded.jar/META-INF/maven/org.glassfish.jersey.ext/jersey-entity-filtering/pom.xml
MD5: e368931c4ecc5918bf2f4ed134f6996e
SHA1: 9a4614d53d44db1b1ad03271a345f69b2908d902